0

Hello everyone! I am currently working on a change password code. I am having trouble because everytime I click submit the page seems to simply refresh. I am new to php and I am sure that everything on the database side is working alright. I have a working login, registration, etc. The only thing that doesn't work is the change password. I would appreciate any and all help! Thank you!

<html>
    <head>
        <title>Change Password</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
<?php
$connection=mysql_connect('localhost','root','') or die (mysql_error());
$db=mysql_select_db('loginTut',$connection) or die (mysql_error());

$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword); 
$result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");
if(mysql_result($result,0)==1) //there must be one combination of user/pass
{
    if($newpassword==$confirmnewpassword) 
    {
        $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
        if($sql) 
        { 
            echo "Congratulations! You have successfully changed your password"; 
        }
    }
    else
    { 
        echo "The new password and confirm new password fields must be the same"; 
    }   
}
else
{ 
    echo "Invalid Username/Password"; 
} 
?>

<form action="changepassword.php" method="post">
<div id="border">
<table cellpadding="2" cellspacing="0" border="0">
    <tr>
        <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
    </tr>
    <tr>
        <td>Username:</td>
        <td><input type="text" name="username" /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="password" /></td>
    </tr>
    <tr>
        <td>New Password:</td>
        <td><input type="password" name="newpassword" /></td>
    </tr>
    <tr>
        <td>Confirm New Password:</td>
        <td><input type="password" name="confirmnewpassword" /></td>
    </tr>
    <tr>
        <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
</div>
</form>
    </body>
</html>
3
Contributors
7
Replies
14
Views
5 Years
Discussion Span
Last Post by viktor.jiracek.5
0

Hi,

Try this ( here we use the same page for the form and data processing : changepassword.php ) :

<html>
    <head>
        <title>Change Password</title>
        <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
<body>
<?php

if(isset($_POST['username']){ // we sent data

    $connection=mysql_connect('localhost','root','') or die (mysql_error());
    $db=mysql_select_db('loginTut',$connection) or die (mysql_error());

    $username = $_POST['username'];
    $password = $_POST['password'];
    $newpassword = $_POST['newpassword'];
    $newpassword = md5($newpassword);
    $confirmnewpassword = $_POST['confirmnewpassword'];
    $confirmnewpassword = md5($confirmnewpassword); 

    if($newpassword != $confirmnewpassword){
        echo "The new password and confirm new password fields must be the same";
    }else{

        $result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");   

        if(mysql_result($result,0) == 1) { //there must be one combination of user/pass

            $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
            if($sql) { 
                echo "Congratulations! You have successfully changed your password"; 
            }

        } else { 
            echo "Invalid Username/Password"; 
        } 
    }

} else { // we have not already sent the data, so we show the form

?>

    <form action="changepassword.php" method="post">
        <div id="border">
            <table cellpadding="2" cellspacing="0" border="0">
                <tr>
                    <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
                </tr>
                <tr>
                    <td>Username:</td>
                    <td><input type="text" name="username" /></td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type="password" name="password" /></td>
                </tr>
                <tr>
                    <td>New Password:</td>
                    <td><input type="password" name="newpassword" /></td>
                </tr>
                <tr>
                    <td>Confirm New Password:</td>
                    <td><input type="password" name="confirmnewpassword" /></td>
                </tr>
                <tr>
                    <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
                </tr>
            </table>
        </div>
    </form>

<?php } ?>

</body>
</html>
0

Thank you for the quick response! I appreciate it a lot. The code that you sent me has some sort of syntax error. I am coding all my stuff in dreamweaver and it has syntax errors on lines 9 and 39. I copied exacfly what you had there. Could you help me out?

0

I can't see anything majorly wrong here, but you need to clean your data properly and check more thoroughly:

session_start();
//... connection details...

if(isset($_POST['username']) && !empty($_POST['password']) && !empty($_POST['password']) && !empty($_POST['newpassword']) && !empty($_POST['confirmnewpassword']) && $_POST['newpassword'] === $_POST['confirmnewpassword'] && isset($_SESSION['user_id']){
    $post = array_map("mysql_real_escape_string", $_POST);
    extract($post);
    $password = md5($password);
    $newpassword = md5($newpassword);
    $confirmnewpassword = md5($confirmnewpassword);
    $id = $_SESSION['id'];
    $r = mysql_query("SELECT `password` FROM `users` WHERE user_id = $id AND `username` = '$username' LIMIT 1");
    if(mysql_num_rows($r)){
        $d = mysql_fetch_assoc($r);
        if($d['password'] == $password){
            $r = mysql_query("UPDATE `users` SET `password` = '$newpassword' WHERE user_id = $id");
            if(mysql_affected_rows() == 1){
                //SUCCESS
            }else{
                //error = 3 
            }
        }else{
            //error = 2
        }
    }else{
        //error = 2
    }
}else{
    //error = 1
}

Off top of my head - so not tested. Loads of ways you could do this. This is just one.

Edited by diafol

0

I found a bit more information about the error. Whenever I load up the screen on my local host, the first line of code displays an error exactly the same as the message on line 35 in my original code. I hope that helps! Thanks everyone for your help.

0

I have fixed the problem of submitting. It now works can update the code. The problem now is more with changing it aesthetically. I mean when I load up the page, in the corner of the screen, it loads the success message. I appreciate your help and thank you! Here is the code:

<?php
session_start();
$connection=mysql_connect('localhost','root','') or die (mysql_error());
$db=mysql_select_db('loginTut',$connection) or die (mysql_error());
include "functions.php";
?>
<html>
    <head>
        <title>Change Password</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
<?php    
$username = protect($_POST['username']);
$password = protect($_POST['password']);
$newpassword = protect($_POST['newpassword']);
$newpassword = md5($newpassword);
$confirmnewpassword = protect($_POST['confirmnewpassword']);
$confirmnewpassword = md5($confirmnewpassword); 
$result = mysql_query("SELECT count(*) FROM users WHERE username='$username'");
if(mysql_result($result,0)==1) //there must be one combination of user/pass
{
    if($newpassword==$confirmnewpassword) 
    {
        $sql=mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username' AND password='$password'"); 
        if($sql) 
        { 
            echo "You have successuflly changed your password!"; 
        }
    }
    else
    { 
        echo "Your new password must match with the confirm password field"; 
    }   
}
else
{ 
    echo "You have entered a wrong username or password"; 
} 
?>
<form action="changepassword.php" method="post">
<div id="border">
<table cellpadding="2" cellspacing="0" border="0">
    <tr>
        <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
    </tr>
    <tr>
        <td>Username:</td>
        <td><input type="text" name="username" /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="password" /></td>
    </tr>
    <tr>
        <td>New Password:</td>
        <td><input type="password" name="newpassword" /></td>
    </tr>
    <tr>
        <td>Confirm New Password:</td>
        <td><input type="password" name="confirmnewpassword" /></td>
    </tr>
    <tr>
        <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
</div>
</form>
    </body>
</html>

Edited by viktor.jiracek.5: error

0

This is why I suggested the first if statement. It only runs the code if the form has been submitted. No output from php should be seen if you just enter the page.

0

Thank you for your help! You have helped immensely. I will take your advice into consideration and fix these bugs. Thank you!

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.